There seem to be a couple of syntax errors which get in the way of clicking a few buttons (at least in IE7).

Additionally (as a first pass), the item prices and quantity are passed as POST variables, and no verification is done to ensure that the data is correct (making me the proud owner of 10000 Womens Stretch Fitted Shirts for a grand total of -$395,000).

EDIT: There is also XSS in the prodName and catName fields when the user selects to buy an item.
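The server-side checks whose absence is reported above, as an added example that is not part of the original posts and not the application's own code: the price is taken from a server-held catalog rather than from the POST body, the quantity is validated, and names are escaped on output. The field name `prodId`, the catalog entry, the unit price and the quantity limit are assumptions made for illustration.

```python
import html
from decimal import Decimal

# Constructed server-side catalog; the product id, price and names are hypothetical.
CATALOG = {
    "shirt-01": {"name": "Womens Stretch Fitted Shirt",
                 "category": "Shirts", "price": Decimal("39.50")},
}
MAX_QTY = 100  # assumed business limit per order line


class OrderError(ValueError):
    """Raised when a submitted order line fails server-side validation."""


def price_order_line(form):
    """Build an order line from untrusted POST fields, trusting only CATALOG."""
    product = CATALOG.get(form.get("prodId", ""))
    if product is None:
        raise OrderError("unknown product")
    raw_qty = form.get("quantity", "")
    # ASCII digits only: rejects "-5", "1e4", "10.5", "" and non-ASCII digits.
    if not (raw_qty.isascii() and raw_qty.isdigit()):
        raise OrderError("quantity must be a whole number")
    qty = int(raw_qty)
    if not 1 <= qty <= MAX_QTY:
        raise OrderError("quantity out of range")
    # Client-supplied price, prodName and catName fields are never read.
    return {
        "name": product["name"],
        "category": product["category"],
        "quantity": qty,
        "unit_price": product["price"],
        "total": product["price"] * qty,
    }


def render_line(line):
    """Escape text values on output so markup in a name is shown, not executed."""
    return "<li>{} ({}) x {} = ${}</li>".format(
        html.escape(line["name"]), html.escape(line["category"]),
        line["quantity"], line["total"])
```
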

This application is developed as a vulnerable application. The idea is to show to what extent a vulnerable application can be exploited. I am working on a secure application (the same application with more security controls inbuilt) which we can use to compare how effective the security controls are in comparison. This is more for proof of concepts and educational purposes. If you are looking for a challenge then please wait till I deploy the secure application. I am not saying that will be foolproof but at least it won't be as easy to hack as this one.

This application, when developed, was tested in IE6 and Firefox 2.0. Sorry, I forgot to mention that.